History log of /PHP-8.4/tests/basic/GHSA-9pqp-7h25-4f32.inc (Results 1 – 1 of 1)
Revision Date Author Comments
# d65a1e6f 09-Sep-2024 Arnaud Le Blanc

Fix GHSA-9pqp-7h25-4f32

multipart/form-data boundaries larger than the read buffer result in erroneous
parsing, which violates data integrity.

Limit boundary size, as allowed by

Fix GHSA-9pqp-7h25-4f32

multipart/form-data boundaries larger than the read buffer result in erroneous
parsing, which violates data integrity.

Limit boundary size, as allowed by RFC 1521:

Encapsulation boundaries [...] must be no longer than 70 characters, not
counting the two leading hyphens.

We correctly parse payloads with boundaries of length up to
FILLUNIT-strlen("\r\n--") bytes, so allow this for BC.

show more ...